It only requires a quick glance at the news to realise that cyber attacks have become a daily occurrence, with multiple organisations, companies, governments and individuals suffering the dire consequences of such an attack across the globe. But what exactly is a cyber attack and what steps can your organisation take to defend itself against them?
What are cyber attacks?
A subdivision of cybercrime, cyber attacks are unwanted attempts to extract, modify, leak, damage or tamper with digital information through illicit access to a computer, network or other forms of digital systems.
Although many perpetrators of cyber attacks may be motivated by the desire to profit from the attack, the causality of cyber attacks is not limited to financial gain, with some malicious actors executing attacks to cripple a system for political or sociological reasons. The latter two categories include cyber terrorism and cyber activism, with the second type often being referred to as hacktivism.
An example of hacktivism took place earlier this year when Belarusian group Cyber Partisans hacked into the Ministry of Interior’s system, successfully extracting five terabytes of data, including the true identities and addresses of government security agents.
In terms of cyber terrorism, one notable example in recent years has been the state of North Korea, which has demonstrably used cyber attacks to both fund its operations through the use of ransomware (a form of malware that infects your device and holds it hostage in exchange for a monetary reward), as well as to cause damage to foreign entities by either creating chaos in their digital operations or by extracting private information. We will revisit both malware and ransomware in more detail in a later section.
State-sponsored cyber attacks have become such a prevalent threat that Microsoft sought to address the topic as recently as October 25, 2021, when John Lambert, Distinguished Engineer and Vice President at the Microsoft Threat Intelligence Centre wrote an article on nation-state attacks.
“The aims of nation-state cyber actors—largely espionage and disruption—remain consistent, along with their most reliable tactics and techniques: credential harvesting, malware, and VPN exploits,” Lambert wrote.
According to Microsoft’s Digital Defence Report, which utilises the company’s own cyber security data (e.g. Microsoft delivers a specialised notification to victims of nation-state cyber attacks), more than 20,500 nation-state attacks took place between 2019 and 2021.
“Nation-state activity spans nearly every industry sector and geographic region,” the report noted.
“In other words, protections against these tactics are critical for every organisation and individual,” the report added.
Where do cyber attacks come from?
Contrary to popular belief, cyber attacks can be perpetrated by both external, as well as external parties, with the key differences between them often lying in their motivation, as well as the way in which they conduct their attack.
External sources of cyber attacks include organised cyber criminals and groups, hackers who make their living from cyber attacks (include state-sponsored malicious actors like the aforementioned case of North Korea), novice or otherwise amateur hackers (hacktivists usually fall under this category).
Internal threats can span from your organisation’s own employees being sloppy and careless with security protocols and information security procedures (an accidental form of attack that usually opens the door to other malicious entities), discontented current or previous employees who may wish to damage your organisation, as well as other stakeholders who have been given some form of legitimate access to your internal system (this includes business partners, clients and other entities).
How often do cyber attacks occur?
According to a study by the University of Maryland’s Clark School, a cyber security attack takes place every 39 seconds.
“The school is one of the first to quantify the near-constant rate of hacker attacks of computers with Internet access— every 39 seconds on average, affecting one in three Americans every year —and the non-secure usernames and passwords we use that give attackers more chance of success,” the University of North Georgia reported using the source mentioned in the quote.
Additionally, according to the study, 42 per cent of cyber attacks are aimed at small-to-medium businesses (SMEs), while 64 per cent of companies have experienced cyber attacks perpetrated over the internet.
Based on data for the year 2020, the average cost for a successful data breach among US companies surpassed $150 million, with a report released by Juniper Networking pointing to cyber attacks costing organisations more than $2 trillion in total for the year before.
What are the different types of cyber attacks?
Cyber attacks have various forms and utilise a number of techniques and mediums to accomplish their goal. In this section, we will examine a number of cyber attacks, how they differ from each other, and how they could affect your organisation.
In plain terms, malware is a piece of software crafted in such a way so that it either destroys, damages, disrupts or obtain illegal and unwanted access to a computer system.
Malware contains several sub-types of software that search for vulnerabilities in a system in order to exploit them in of the way mentioned above and utilise a wide range of technical approaches to achieve their malicious goal.
Once malware successfully infiltrates a system, it can be automatically triggered to perform a number of actions, including the installation of other dangerous software, covertly running programs unbeknownst to the user, hurting the system’s performance, as well as sharing the data found on the user’s device with third parties without the user knowing this is happening.
An example of this from 2021 has been the near 50 per cent rise in banking malware on the Android smartphone operating system, which runs on approximately 72.44 per cent of all smartphones at the time of writing.
“Contrary to 2020 and the first four months of 2021, overall numbers of Android detections started to rise again in Q2 2021, by 32.6 per cent,” Slovak internet security company Eset wrote in their quarterly threat report for the second quarter of the year.
“Android banking malware, which rose by an incredible 158.7 per cent in Q1, saw a continued increase of 49 per cent,” the report added, explaining that while the growth has slowed down, the trend is worrying given the direct impact of these threats on the financial situation of their victims.
Phishing attacks are one of the most common forms of cyber attack as they require minimal complexity and preparation.
Phishing involves the sending of email messages that pretend to be from a legitimate source, including official companies or individuals known to the victimised user and attempt to get their target to reveal crucial security information such as passwords, usernames, financial data, and more. Phishing can also be used to facilitate a secondary attack, such as the installation of malware.
As recently as October 26, 2021, email security provider Inky reported on how a group of cyber criminals took advantage of a specific function on classified advertisement site Craigslist to launch phishing attacks while the senders remained anonymous.
“Craigslist, that old-fashioned website people still use to find things locally — and urgently — has become the latest phishing vector,” Inky reported.
“Craigslist knows the identities of everyone, but unless a correspondent discloses details, they are perfectly anonymous to others on the system,” Inky added, explaining that this setup is perfect for someone wishing to launch a phishing attack.
The fake notifications sent from Craiglist allowed the attackers to deliver their payload by installing malware that was hosted on the OneDrive page. The phishing attack in this instance utilised a two-pronged approach involving both brand impersonation and the exploitation of a legitimate website for illicit means.
Ransomware is a subdivision of malware and it essentially disrupts the normal running of your device or computer system (oftentimes by encrypting all data found on the device) until a monetary ransom is paid to the perpetrator within a fixed window of time.
Malicious entities who launch ransomware attacks will most likely permanently delete the encrypted data unless the aforementioned amount is paid to them before the deadline expires.
According to the director of the United Kingdom’s spy agency GCHQ Jeremy Fleming, ransomware attacks in the UK doubled in just a year, attacking a number of government agencies and institutions during this time.
“I think that the reason [ransomware] is proliferating – we’ve seen twice as many attacks this year as last year in the UK – is because it works, it just pays, Fleming said.
“Criminals are making very good money from it and are often feeling that that’s largely uncontested,” he added.
Ransomware has also been linked with state-sponsored cyber attacks, with a lot of ransomware attacks originating in Russia.
“Specialists believe Russian ransomware will continue to expand given the proliferation of cyber hacking tools and cryptocurrency payment channels,” British newspaper The Guardian wrote in October of this year.
A password breach takes place each and every time a private and undisclosed password is utilised by a third party without prior authorisation to gain access to personal and private data.
Password breaches can take place in a number of ways, with two of the most common ways being dictionary attacks and brute force attacks.
As the name implies, a dictionary attack involves an attempt to identify a password by entering a large number of words and phrases collected from a variety of sources, including the target victim’s social media and other online profiles which may provide a hint as to their chosen password.
Dictionary attacks are also a subset of a brute force attack, with the key difference being the number of words and phrases entered when trying to successfully attempt a password breach.
A dictionary attack is more targeted and involves fewer words and phrases, while a brute force attack is much more broad and comprehensive.
Denial-of-Service Attacks (DoS)
Denial-of-service (DoS) attacks occur when a malicious actor or group targets a victim system by drowning it in immensely high volumes of traffic, with the ultimate aim of such an action being the crippling of the system and the disruption of its services for legitimate users.
Cyber criminals can also illegally gain control of other users’ devices and use them to perform their attack, with this type of DoS being called a Distributed-Denial-of-Service Attack (DDoS), since it’s spread across hundreds or thousands of devices.
In October of this year, Microsoft reported that its Azure cloud service successfully defended a customer from a massive 2.4 Tbps (TeraBits Per Second) DDoS attack, with the customer’s cloud-hosted site remaining immune to the attack.
“Attacks of this size demonstrate the ability of bad actors to wreak havoc by flooding targets with gigantic traffic volumes,” an Azure spokesperson said.
What Boltonshield can do to help you
As we have explored and demonstrated in this article, cyber attacks and online threats, in general, are becoming increasingly common, more sophisticated, and more targeted.
The potential that your organisation may suffer financial losses, intellectually property theft, unwanted extraction of private and proprietary information, as well as irreparable reputational ruin cannot be ignored and left to chance.
Despite the proven level of risk, the vast majority of organisations continue to underfund their cybersecurity operations, carrying on with outdated equipment, insufficient staff, poorly configurated setups and systems prone to accidental exposure through employee carelessness.
Boltonshield’s holistic approach, where we effectively manage your cybersecurity under one unified plan, will help your organisation deal with every type of cyber attack through an array of cost-effective and bespoke plans designed to meet your exact needs.
This includes the continuous monitoring and management of employee devices and all organisational information security systems.
One of the key tools in Boltonshield’s arsenal is our penetration testing services, where our ethical hackers with decades of IT security experience between them, certify your organisation’s level of defence and produce a detailed report on what improvements can be made.
While your organisation may have already put a range of security measures in place, those may be now out-of-date, poorly configured, or not specialised enough to cope with the demands of your business, sector or client requirements.
Moreover, just as cybersecurity is not a one-time project, but rather a continuous process of assessment and improvement. Threats evolve and change while entirely new sources of danger emerge at an ever-quickening pace. Commissioning tests to ensure that your defence system is robust enough to handle outside attacks should be a recurring exercise.
In addition, Boltonshield offers managed security services, offering a systematic approach to managing an organization’s security needs.
Functions of a managed security service include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies.
Detta innebär att administratörerna slipper den stora bördan av att utföra uppgifterna manuellt, vilket kan vara mycket svårt, så att de kan fokusera på de områden där det behövs mest.
Finally, Boltonshield can also help protect your organisation through the deployment of our security operations centre (SOC) service.
A SOC involves the creation of a centralized space intended to accommodate a specialized information security team with the aim of continuously monitoring and analyzing all network traffic, all users and all endpoint devices.
It gives your organisation the ability to diagnose and identify all cybersecurity incidents and any potential threats, and react accordingly in order to nullify any threats through advanced technology solutions and robust predetermined processes.
By outsourcing your SOC services to Boltonshield, you benefit in two key ways: you do not have to spend the requisite amount of money to create and maintain a new SOC from scratch, and you also instantly acquire the experienced and highly skilled staff to operate it.
Outsourcing the management of your SOC to external specialists can save your organisation both money and time by quickly reallocating this task to a team that has everything set up and ready to go and are invested in implementing best practices for their clients.
Du kan kontakta oss to find out exactly how Boltonshield can help you by clicking here.
If you want to get updated about our recent publications about cybersecurity related topics, subscribe to our newsletter.